First time I have done something like this. A few days ago I decided to write an exploit for this (tftpd32 v2.21); of course I didn't know how to, but whatever. I figured out that I could overwrite EIP, but I didn't know what to do after that, so this morning I looked at some blogs and learned/understood some things and started writing, and finally executed calc.exe. I decided to blog (brag) about it. It's not explained very well, but there are links to other places that have better tutorials on it.

I agree. Great (brag) blog about buffer overflows. I found another good post about buffer overflows at (http://www.madirish.net/?article=215). That makes two great examples of services that can be attacked. NICE work. I can't wait to use the knowledge in the OSCP course.

Good article pizza1337. I can't help with your problem since I still don't know much about exploit writing. I started learning it some time back but had to stop for a while since I started my eLearnSecurity course. Maybe in 2-3 days, after I cover the buffer overflow module.

I would like you to check the following link Sil pointed me to: pentest.cryptocity.net. They provide videos and slides of their classes for free. The content is very interesting and even beginners will be able to understand it. They also (kind of) refer to Art of Exploitation along with the classes, so that's a plus for you.

Nice job pizza1337! Ever since I read the article by n1p I've wanted to try this out but haven't had a chance.

The part I'm a bit confused about, since I've never done this before, is how to get the shellcode you wrote to be used. I'm guessing it is the perl script that you get at the end; do you just plug it into metasploit? How do you use the script you wrote in a pentest?

"Live as though you would die tomorrow, learn as though you would live forever."

@pizza1337 If I understand you correctly, you developed this exploit on Win XP SP1 and you just want somebody else to validate your work by trying it on a similar machine?

I couldn't test it yesterday but for sure tonight I will have time. I will let you know how it went right after.

@yatz A buffer overflow vulnerability is exploited when a user (attacker) enters specially crafted code instead of the expected data. For example, pizza1337 used netcat to send a lot of "A"s to the application in the GET request. This is called fuzzing:

This made the application crash. He then replaced the "A"s with his exploit and a payload. He finally created a perl script to send the exploit to the vulnerable service. He used the Metasploit framework to generate his payload with this line:

H1t M0nk3y wrote: @yatz A buffer overflow vulnerability is exploited when a user (attacker) enters specially crafted code instead of the expected data. For example, pizza1337 used netcat to send a lot of "A"s to the application in the GET request.

...

But if you want to run this exploit, you won't have to use Metasploit, because no bind or reverse shell will be created. If it works, a calculator will appear on the victim's machine.

Hope it helped
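From the defender's side, the "lots of A's in a GET request" pattern described in the two posts above is easy to spot in a request log before anyone gets as far as overwriting EIP. The following Python snippet is an added example, not code from the thread or from tftpd32's author: it parses constructed request lines (labelled as constructed in the code), flags any request target that is longer than an assumed threshold or that contains a long run of one repeated byte, and reports why. The thresholds MAX_TARGET_LEN and MAX_RUN_LEN are assumptions to be tuned to what the service actually serves.

```python
import re
from typing import Dict, List

# Constructed sample request lines (not captured from the thread's target): two benign
# requests and two that resemble the long-"A" fuzzing traffic the posts describe.
SAMPLE_REQUESTS: List[str] = [
    "GET /index.html HTTP/1.0",
    "GET /" + "A" * 600 + " HTTP/1.0",        # classic repeated-byte fuzz string
    "GET /" + "ABCD" * 200 + " HTTP/1.0",     # long, but no single-byte run
    "GET /images/logo.png HTTP/1.1",
]

MAX_TARGET_LEN = 256   # assumed: longest request target a small file server should see
MAX_RUN_LEN = 64       # assumed: longest run of one repeated byte tolerated in a target

# Minimal request-line grammar: METHOD SP target SP HTTP/x.y
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) (?P<version>HTTP/\d\.\d)$")


def longest_run(s: str) -> int:
    """Return the length of the longest run of one repeated character in s (0 for empty)."""
    best = cur = 0
    prev = None
    for ch in s:
        cur = cur + 1 if ch == prev else 1
        prev = ch
        best = max(best, cur)
    return best


def inspect_request(line: str) -> Dict[str, object]:
    """Classify one request line; 'reasons' explains why it was flagged."""
    m = REQUEST_LINE.match(line)
    if not m:
        # A line that does not even parse is itself worth a look.
        return {"line": line[:80], "malformed": True, "suspicious": True,
                "reasons": ["unparseable request line"]}
    target = m.group("target")
    reasons: List[str] = []
    if len(target) > MAX_TARGET_LEN:
        reasons.append(f"target length {len(target)} exceeds {MAX_TARGET_LEN}")
    run = longest_run(target)
    if run > MAX_RUN_LEN:
        reasons.append(f"run of {run} identical bytes in target")
    return {"line": line[:80], "malformed": False,
            "suspicious": bool(reasons), "reasons": reasons}


def suspicious_requests(lines: List[str]) -> List[Dict[str, object]]:
    """Return only the request lines that tripped a heuristic."""
    return [r for r in (inspect_request(l) for l in lines) if r["suspicious"]]


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_REQUESTS):
        print(finding["line"], "->", "; ".join(finding["reasons"]))
```

The length check is deliberately separate from the run-length check: a fuzz string built from a cyclic pattern (the third sample) never produces a long run of one byte, so length alone has to catch it, while the run check catches a short burst of repeated bytes that sits under the length threshold.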

Ah, yes, that makes perfect sense. Maybe I was just not thinking clearly.

I will definitely understand this better in the future.

Thanks!!

"Live as though you would die tomorrow, learn as though you would live forever."